<?php

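// start session
session_start();

// connect to database
// The connection string is read from the DB_CONN_STR environment variable when
// it is set, so the credentials do not have to live in this file; the literal
// below is only the fallback for deployments that have not set it. Credentials
// that have been committed to source should be treated as exposed and rotated.
$conn_str = getenv('DB_CONN_STR');
if ($conn_str === false || $conn_str === '') {
    $conn_str = 'host=dbsrv1.cdf.toronto.edu dbname=csc309g23 user=csc309g23 password=ipheid5h';
}
$conn = pg_connect($conn_str);
if ($conn === false) {
    // Every branch of this script needs the connection; without it the queries
    // below would only emit warnings and the final redirect would still fire,
    // silently losing the user's change. Fail visibly instead.
    http_response_code(500);
    exit('Database connection failed');
}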

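/**
 * Report whether $username already has an availability row for $sport.
 *
 * The lookup is bound with pg_query_params() so that neither value can alter
 * the SQL text; both come from request or session data in this file. Nothing
 * is echoed here, because any output would break the Location header that the
 * calling script sends afterwards.
 *
 * @param string   $sport    sport name as stored in the sports/availability tables
 * @param string   $username member whose availability is being checked
 * @param resource $conn     open pgsql connection
 * @return bool true when at least one matching row exists; false when none
 *              exists or when the query itself failed
 */
function check_sport($sport, $username, $conn) {
    $result = pg_query_params(
        $conn,
        'SELECT 1 FROM availability WHERE username = $1 AND sport = $2',
        array($username, $sport)
    );
    // A failed query is reported as "not present" rather than passed on to
    // pg_num_rows(), which cannot take false.
    if ($result === false) {
        return false;
    }
    return pg_num_rows($result) > 0;
}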

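// Each branch below updates the logged-in member's own row, identified by the
// session username. Request values are always bound as query parameters
// (pg_query_params) instead of being spliced into the SQL text, so a value
// containing quotes can no longer change the statement.
$settingType = $_POST['settingType'] ?? '';
$username = $_SESSION['username'] ?? '';

if ($username === '') {
    // Not logged in: there is no row to update, fall through to the redirect.
} elseif ($settingType === 'personal') { // save personal setting
    $email   = $_POST['email'] ?? '';
    $address = $_POST['address'] ?? '';
    $city    = $_POST['city'] ?? '';
    $country = $_POST['country'] ?? '';
    $pass    = $_POST['pass'] ?? '';

    $query  = 'UPDATE members SET email=$1, address=$2, city=$3, country=$4';
    $params = array($email, $address, $city, $country);
    if (!empty($pass)) {
        // NOTE(review): the password is stored exactly as submitted, as it was
        // before. Moving to password_hash() here has to be done together with
        // the login check (not in this file), which would then need
        // password_verify() to keep existing accounts working.
        $query   .= ', password=$5';
        $params[] = $pass;
    }
    $query   .= ' WHERE username=$' . (count($params) + 1);
    $params[] = $username;

    $result = pg_query_params($conn, $query, $params);
    if ($result) {
        // keep the session copy of the profile in step with the database
        $_SESSION['email']   = $email;
        $_SESSION['address'] = $address;
        $_SESSION['city']    = $city;
        $_SESSION['country'] = $country;
    }

} elseif ($settingType === 'display') { // save display settings
    $dp_string = 'profiles/user.dp.default';
    $upload = $_FILES['display_pic'] ?? null;

    if ($upload === null || (int) ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_NO_FILE) {
        // no picture in the request: keep the default
    } elseif ((int) $upload['error'] !== UPLOAD_ERR_OK) {
        // Logged instead of echoed: output here would break the redirect below.
        error_log('display_pic upload failed with code ' . $upload['error']);
    } elseif (is_uploaded_file($upload['tmp_name'])) {
        // The MIME type in $_FILES is supplied by the client; sniff the file
        // itself instead. finfo reports baseline JPEG as image/jpeg, so the
        // old image/pjpeg alias is kept only for completeness.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime = $finfo->file($upload['tmp_name']);
        $allowed = array('image/gif', 'image/jpeg', 'image/pjpeg');
        if (in_array($mime, $allowed, true) && $upload['size'] < 200000000) {
            $target = 'profiles/' . $username . '.dp';
            if (move_uploaded_file($upload['tmp_name'], $target)) {
                $dp_string = $target;
            }
        }
    }

    // NOTE(review): this SET clause is kept in the shape the original used
    // (four comma-separated values after "display ="), which PostgreSQL
    // rejects because a column can only be assigned one value; the intended
    // column list (possibly just display=$4) needs confirming against the
    // form before it is corrected.
    $query = 'UPDATE members SET display = $1,$2,$3,$4 WHERE username = $5';
    $result = pg_query_params($conn, $query, array(
        $_POST['country'] ?? '',
        $_POST['city'] ?? '',
        $_POST['address'] ?? '',
        $dp_string,
        $username,
    ));
    if ($result) {
        $_SESSION['display'] = $dp_string;
    }

} elseif ($settingType === 'privacy') { // save privacy settings
    $flags = array(
        'showfirstname' => $_POST['showfirstname'] ?? '',
        'showlastname'  => $_POST['showlastname'] ?? '',
        'showbirthday'  => $_POST['showbirthday'] ?? '',
        'showemail'     => $_POST['showemail'] ?? '',
        'showaddress'   => $_POST['showaddress'] ?? '',
    );
    $query = 'UPDATE members SET showfirstname=$1, showlastname=$2, showbirthday=$3, '
           . 'showemail=$4, showaddress=$5 WHERE username=$6';
    $params = array_values($flags);
    $params[] = $username;
    $result = pg_query_params($conn, $query, $params);

    if ($result) {
        // mirror the saved flags into the session
        foreach ($flags as $name => $value) {
            $_SESSION[$name] = $value;
        }
    }

} elseif ($settingType === 'update') { // save availability
    $query = 'INSERT INTO schedule VALUES ($1, $2, $3, $4)';
    $result = pg_query_params($conn, $query, array(
        $username,
        $_POST['stime'] ?? '',
        $_POST['etime'] ?? '',
        $_POST['day'] ?? '',
    ));

} elseif ($settingType === 'remove') { // remove availability
    // select_timeslot is expected as "<day>:<start>-<end>" with an 8-character
    // start time; a value without both separators is ignored rather than
    // turned into a DELETE with empty criteria.
    $timeslot = $_POST['select_timeslot'] ?? '';
    $colon = strpos($timeslot, ':');
    $dash  = strpos($timeslot, '-');
    if ($colon !== false && $dash !== false) {
        $day   = substr($timeslot, 0, $colon);
        $stime = substr($timeslot, $colon + 1, 8);
        $etime = substr($timeslot, $dash + 1);
        $query = 'DELETE FROM schedule WHERE day = $1 AND start = $2 AND endtime = $3 AND username = $4';
        $result = pg_query_params($conn, $query, array($day, $stime, $etime, $username));
    }

} elseif ($settingType === 'sports') { // save sports settings
    $sports = pg_query($conn, 'SELECT * FROM sports');
    if ($sports !== false) {
        while ($sport = pg_fetch_row($sports)) {
            $sportName = $sport[0];
            $posted = $_POST[$sportName] ?? null;
            // An absent or empty field means the checkbox was cleared; a field
            // carrying the sport's own name means it was ticked.
            $cleared = ($posted === null || $posted === '');
            $hasSport = check_sport($sportName, $username, $conn);
            if ($cleared && $hasSport) {
                pg_query_params(
                    $conn,
                    'DELETE FROM availability WHERE username = $1 AND sport = $2',
                    array($username, $sportName)
                );
            } elseif ($posted === $sportName && !$hasSport) {
                pg_query_params(
                    $conn,
                    'INSERT INTO availability (username, sport) VALUES ($1, $2)',
                    array($username, $sportName)
                );
            }
        }
    }
}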

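// go back to the page the settings were submitted from.
// The Referer header is client-supplied, so it is only followed when its host
// matches the host this request was served on; anything else (or a missing
// header) falls back to the site root. Adjust the fallback if the application
// lives under a sub-path.
$referer = $_SERVER['HTTP_REFERER'] ?? '';
$target = '/';
if ($referer !== '') {
    $refererHost = parse_url($referer, PHP_URL_HOST);
    // parse_url() on the Host header strips any ":port" suffix for comparison.
    $ownHost = parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    if (is_string($refererHost) && is_string($ownHost)
        && strcasecmp($refererHost, $ownHost) === 0) {
        $target = $referer;
    }
}
header('Location: ' . $target);
exit;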
?>